SN 10/035.890- Amended Claims - 
Response under 37C.F.R. §1.111 

What is claimed is: 

1 1 (currently amended). A method for assessing risks, comprising: creating a 

2 questionnaire containing a series of questions for prompting a user to supply information 

3 segmented according to risk areas, wherein the risk areas encompass categories of 

4 potential losses including legal and technological exposures in business practice, 

5 operational procedures, historical experience, compliance with regulations, and 

6 external threats including infrastructure failures and third party actions; providing 

7 a data store for recording data identifying user responses to the questions; 

8 programming a series of scoring rules containing an algorithm whereby 

9 the user responses are interpreted as indicating a predetermined level of risk 

10 at least as to categories of said potential losses and exposures; 

1 1 presenting the questionnaire to a user and collecting the user responses in the data 

12 store; processing the user responses through the scoring rules and the 

13 algorithm to generate a report identifying risk levels according to the risk 

14 areas. 

1 2(original). The method of claim 1, further comprising storing a series 

2 of recommendations associated with the risk areas, selecting among the 

3 recommendations as a function of at least one of the user responses and the 

4 risk levels identified by said processing step, and presenting selected ones of 

5 the recommendations in the report. 

1 3(original). The method of claim 1, further comprising creating a 

2 database and storing the questions and the user responses for a plurality of 

3 users for comparison in risk assessments of future users. 

1 4(original). The method of claim 1, at least one of segmenting of the 

2 risk areas, creating the questionnaire and composing the algorithm comprises 

3 reliance on available data and judgment of professionals skilled in the risk 

4 areas. 
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1 5(currently amended). The method of claim 1, wherein the risks 

2 comprise at least one of risk of a c l a i m of potential loss or exposure due to 

3 computational deficiency, denial of service, security breach, violation of legal 

4 regulations, violation of established law, tortious conduct, contractual breach, insufficient 

5 capacity to meet contractual obligations, breach of commitment of confidentiality, 

6 violation of intellectual property rights, and failure to adhere to multi-jurisdictional 

7 differences in regulations. 

1 6(currently amended). The method of claim 1 , wherein the risks are 

2 selected from the group consisting of risk of a c l aim of potential loss or exposure due 

3 to computational deficiency, denial of service, security breach, violation of legal 

4 regulations, violation of established law, tortious conduct, contractual breach, insufficient 

5 capacity to meet contractual obligations , breach of commitment of confidentiality, 

6 violation of intellectual property rights, and failure to adhere to multi-jurisdictional 

7 differences in regulations. 

1 7(currently amended). The method of claim 1 , wherein the risks 

2 consist of risk of potential a c l a i m loss or exposure due to computational deficiency, 

3 denial of service, security breach, violation of legal regulations, violation of established 

4 law,tortious conduct, contractual breach, insufficient capacity to meet contractual 

5 obligations, breach of commitment of confidentiality, violation of intellectual property 

6 rights, and failure to adhere to multi-jurisdictional differences in regulations. 

1 8(original). The method of claim 1, wherein said questionnaire 

2 requires selection among a limited set of possible answers and the algorithm 

3 quantifies risk based on each possible answer. 

1 9(original). The method of clam 8, wherein the questionnaire requires 

2 selection among yes/no and numeric answers. 
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1 10(original). The method of claim 8, wherein the questionnaire permits 

2 at least one of a missing answer and an answer indicating a lack of 

3 information, and wherein the algorithm assesses the risk levels as a function 

4 of said one of a missing answer and said lack of information. 
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